Tag Archives: apple access to phone records

The director of the US Federal Bureau of Investigation has defended his legal fight with Apple over encryption, saying the case involving the San Bernardino shooter’s iPhone was “quite narrow” and not intended to set a precedent.

In the latest volley of an escalating war of words between the US authorities and the world’s most valuable company, James Comey made an emotional appeal to Apple and the US public in a blog post on specialist legal site Lawfare.

More

On this story

On this topic

IN US Politics & Policy

“We can’t look the survivors in the eye, or ourselves in the mirror, if we don’t follow this lead,” he said. “We don’t want to break anyone’s encryption or set a master key loose on the land.”

The FBI director wrote that the tension between privacy and safety “should not be resolved by corporations that sell stuff for a living. It also should not be resolved by the FBI, which investigates for a living.”

Instead, he continued, the matter should be settled “by the American people” and called for a “long conversation” on the matter.

Mr Comey’s blog post comes ahead of Apple’s legal response later this week to a case that began last Tuesday when a judge in California ordered the iPhone maker to create tools that would help the FBI unlock a device used by Syed Rizwan Farook before he killed 14 people in December.

Tim Cook, Apple’s chief executive, has refused to comply with the order, calling the demand for what he called a “back door” into the iPhone an “over-reach” by the authorities that has “chilling implications” for its customers’ privacy. Several other Silicon Valley companies, including Google and Facebook, have supported Apple’s position.

On Friday the US Department of Justice and Apple traded blows over both the intent behind the order and the handling of the investigation. The DoJ accused Apple of putting concerns about its “marketing strategy” ahead of its legal obligations and said Mr Cook had made “numerous mischaracterisations” of the government’s case.

Apple executives denied that allegation and implied that the FBI had bungled an opportunity to gain access to data stored on Farook’s iPhone, by changing the iCloud password in the hours after he was killed in a shootout with officers.

That password reset prevented the iPhone from sending its data to Apple’s servers through an automatic back-up, where it could be accessed by the company and the FBI through a standard legal process.

You need JavaScript active on your browser in order to see this video.

The FBI on Saturday denied wrongdoing in that situation, saying the iCloud reset was a “logical next step” in its investigation and “does not impact Apple’s ability to assist with the court order”.

“It is unknown whether an additional iCloud back-up of the phone after that date — if one had been technically possible — would have yielded any data,” the FBI said.

Mr Comey on Sunday night attempted to step over the row about the iCloud back-up and appealed to the broader principles at stake in what he called a “heartbreaking” case of terrorism.

“The San Bernardino litigation isn’t about trying to set a precedent or send any kind of message. It is about the victims and justice,” he wrote in his post, which does not directly mention Apple or the iPhone by name.

Apple must file its legal response to the judicial order by Friday, which is also the day the company holds its annual shareholder meeting at its Cupertino headquarters.

One survey late last week showed that US public opinion is finely balanced on the issue. An online poll of 1,093 US adults by SurveyMonkey found that 51 per cent agreed with the FBI while 49 per cent took Apple’s side. Even among iPhone owners, a narrow majority backed the FBI in the dispute.

Last week, Apple announced that starting with iOS 8, the company would no longer help police get some of the most sensitive data on your phone, including messages, emails, contacts and call history.

And it’s not that it doesn’t want to anymore, it’s that now Apple says it can no longer do it — even if it wanted to.

“Apple cannot bypass your passcode and therefore cannot access this data,” the company said in its new privacy policy.

Many, including privacy advocates, rejoiced at the news — but some police officers are not that happy. And although there are still other ways cops can get their hands on your iPhone data, authorities are still complaining.

“It’s definitely going to impact investigations, there’s no doubt about that,” Dennis Dragos, a former New York Police Department detective who worked for 11 years in the computer crimes squad, told Mashable.

“Detectives are trained to follow down every single lead, follow every possible trail until you get to the resolution of your investigation,” he continued.

“This is now a dead end. You’re closing a door that was available before.”

Dragos is not the only one who thinks that way.

On Thursday, FBI Director James Comey himself said that he was “very concerned” about Apple’s decision.

John Escalante, the chief of detectives for Chicago’s police department, said that because of this change, “Apple will become the phone of choice for the paedophile.”

For some law enforcement officials, this could even become a matter of life and death. In a Washington Post op-ed, Ronald T. Hosko, the former assistant director at the FBI Criminal Investigative Division, complained that Apple’s new privacy stance, later followed by Android, will “protect many thousands of criminals who seek to do us great harm, physically or financially.”

“[Criminals’] phones contain contacts, texts, and geo-tagged data that can help police track down accomplices,” Hosko wrote. “These new rules will make it impossible for us to access that information. They will create needless delays that could cost victims their lives.”

But privacy advocates and security researchers are sceptical.

“I think there’s a lot of kicking and screaming over this but cops have been able to do their job just fine for the past 200 years in this country, without having access to people’s personal iPhone,” Jonathan Zdiarski, a forensic and security researcher who has worked as a consultant to police agencies, told Mashable. “Criminals are just as stupid today as they always have been and they’re going to leave traces and evidence in a number of places.”

Moreover, despite all the controversy, there are actually still a few ways for the police to get at least some data from an iPhone with iOS 8 and protected by a passcode. Below, we’ve broken down some of the ways cops can still put their hands on your digital belongings.

Getting your iCloud backup

If police officers can’t get the data that’s locally stored on an iPhone, they might still be able to get it from the cloud.

Apple prompts users to back up their iDevices to iCloud, and the data there can be obtained by law enforcement agents with a search warrant. Yes, iCloud backups are encrypted, but they’re encrypted with a key in Apple’s possession, so Apple can be legally required to turn the backups over if served with a valid legal request, as Micah Lee, First Look‘s technologist and security expert, explained.

With iCloud, police can potentially get any data from your phone, unless you turn off the automatic backup, or you only backup certain data.

Using forensic tools

Forensic tools are still a great way to get some data out of your iPhone. If the police arrests you and gets both your phone and a computer that you used to connect with your phone using iTunes — a “paired device” — they can dump some data out of it bypassing your passcode using existing forensic tools, as Zdiarski noted in a recent blog post.

In this case, the passcode doesn’t protect you, because Apple has designed this system to allow you to access some data on your phone using iTunes or Xcode without unlocking your device.

The caveat here is that only some data is available in this scenario. In particular, any data from third party applications such as Facebook, Twitter and Evernote; photos, videos and recordings; and iTunes media such as books and podcasts. But data from native iOS applications like iMessages, emails or calls is out of reach.

To prevent this from happening, as Zdiarski notes, then you can “pair lock” your iPhone so that it doesn’t pair with any new computer, preventing police computers from “pairing” with your iPhone.

Without the ability to impersonate a trusted computer, and with a locked phone protected with the passcode, “law enforcement at this point doesn’t seem to really have any options,” Zdiarski said.

Getting your iTunes backup

Another target for police officers is the iTunes backup on your computer. If you back up your iPhone to your computer with iTunes, a police officer that gets his hands on your computer can get all the data that you have last backed up.

“Data is still available, as long as iTunes and iCloud reign,” Lee Reiber, the vice president for mobile solutions at forensic firm AccessData, told Mashable.

In this scenario, only a backup password can stop the police, and in that case, it better be a good password or it might be vulnerable to brute forcing — the automated process of guessing all possible passwords until you get the right one. Or, they might just force you to give it up.

Forcing you to give up your passcode

Having a passcode protect your phone is great — unless someone else knows that passcode. And here’s a legal caveat many might not be aware of: the police might be able to compel you to give up your passcode, which renders any sophisticated technological protections you might have on your phone completely moot.

The case law on this issue is still contradictory, and it has only dealt with computers (though it’s hard to see the difference between an encrypted computer and an encrypted phone).

But in some cases someone who refuses to give up her password can be held in contempt of court, which can even lead to jail, as reported by Wired.

In the US, a defendant can plead the fifth and refuse to testify against himself and self-incriminate. Some think that handing out a password to authorities amounts to self-incrimination and should not be accepted, but others disagree.

Breaking TouchID

Where there seems to be more consensus that “pleading the Fifth” won’t get you anywhere is if the cops ask for your fingerprint.

Fingerprints, and other physical objects like actual keys, have traditionally not been considered protected by the Fifth Amendment. So if you lock your iPhone with TouchID, the cops can legally compel you to unlock it, as internet and privacy lawyer Marcia Hoffman explained last year.

And if you refuse, police officers might be able to lift your fingerprint from a surface — say your computer screen — and unlock it themselves.

As various online videos have shown, it’s possible to break into an iPhone 6 with a dummy fingerprint just as it was with the 5S.

Other options

Outside of these scenarios, options for law enforcement, at this point, are limited. A good old brute force attack, where you guess every possible passcode combination is technically possible, but there are no forensic tools that can make this automated, both Zdiarski and Reiber said.

Technically, Apple could brute force a four digit passcode if the police asked the company to do it, but it seems unlikely that Apple would do something like that after trumpeting that they wouldn’t help police unlock phones anymore.

Doing it manually is obviously a daunting task, as there are 10,000 combinations of 4 digit passcodes, and iPhones disable after six wrong attempts.

And if police are simply looking for call records, they can always request them from phone carriers, or perhaps plant malware on your phone.

As for the iPhone, it might be harder now, but forensic firms and law enforcement hackers will now look for new places and holes to get data.

“As secure as the device can be, there’s always going to be some vulnerability that can be located and exploited,” Reiber said. “That’s what it really is, cat and mouse.”

1…’Poor law enforcement. They’re going to have to make do with their ability to covertly track you, wiretap you and hack into your computer.’